Thursday, January 31, 2008

I'm planning to go on a course soon and I was concerned that I might have trouble finding some free WiFi Internet access. I decided to look at how I could get by this pay-for-internet problem, and one of the things I found out is that it's quite easy to tunnel certain types of traffic within other traffic.

As I've stayed in hotels before, I have noticed that the biscuits in the rooms are often crap and that I get ping responses when I'm bored. So here is my little guide to turn those ping responses into full SSH and HTTP access using ICMP tunnels.

How This Works

Really it is very simple. If your computer (the client) can ping a computer on your home network (the server/proxy), it can use a program (ptunnel) to encapsulate data in the data portion of the echo request packet. When the computer on the home network receives these packets, it proxies the data to the destination (either itself or another server) and encapsulates the response in the echo reply back to the client.
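Seen from the side of whoever runs the network, this mechanism leaves a mark: RFC 792 requires an echo reply to return the request's data unchanged, so a reply carrying proxied response data is not an ordinary ping. The following is an added example, not part of the original post and not ptunnel code, that checks captured echo traffic for that mismatch; the addresses, the 64-byte size threshold and all function names are assumptions made for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message sums to 0."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build a sample ICMP echo message (used only for the test data)."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def parse_echo(raw: bytes):
    """Return (type, ident, seq, payload); reject short or corrupt input."""
    if len(raw) < 8 or checksum(raw) != 0:
        raise ValueError("truncated or bad-checksum ICMP message")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return icmp_type, ident, seq, raw[8:]

def find_suspect_echo(packets, max_payload=64):
    """Scan (src, dst, raw_icmp) tuples in capture order; return alerts."""
    pending, alerts = {}, []
    for src, dst, raw in packets:
        icmp_type, ident, seq, payload = parse_echo(raw)
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
            if len(payload) > max_payload:  # assumed threshold, tune locally
                alerts.append((src, dst, seq, "oversized request payload"))
        elif icmp_type == ECHO_REPLY:
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is None:
                alerts.append((src, dst, seq, "unsolicited reply"))
            elif sent != payload:
                alerts.append((src, dst, seq, "reply differs from request"))
    return alerts

# Constructed capture: an ordinary ping, then a tunnel-like exchange.
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", build_echo(8, 1, 1, b"abcdefgh" * 4)),
    ("192.0.2.10", "10.0.0.5", build_echo(0, 1, 1, b"abcdefgh" * 4)),
    ("10.0.0.5", "192.0.2.10", build_echo(8, 7, 1, b"\x17" * 200)),
    ("192.0.2.10", "10.0.0.5", build_echo(0, 7, 1, b"\x42" * 120)),
]
```

The default ping payload is 56 bytes on Linux and 32 bytes on Windows, which is why 64 is used as the starting threshold here.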

Tools

ssh

ptunnel

browser

Server/Proxy Setup

For the purpose of this example I have a server running SSH on port 22 (bad I know but this is just an example) and a proxy on port 8118.

On the server I SSH in, start a screen session, and run the following command:

ptunnel -v 4 -x catwoman -f tun.log

I then detach from the screen session with Ctrl+a d.

This leaves ptunnel running with a verbosity of 4 (pretty verbose), a password of catwoman and logging to a file called tun.log.

Client Setup

If I want to tunnel SSH through ICMP to my server at home I use the following to create the tunnel:

This sets up ptunnel to use the proxy (-p) of 192.168.1.203, creates a listening port on my client box of 8000. It connects to the destination address of 192.168.1.203 on a port of 22. It also uses the password of catwoman.

I would then open another terminal and type:

ssh -p 8000 lee@localhost

This is all well and good for a bit of remote admin. Supposing I need to do a little surfing through my ICMP tunnel. Well, I just use the following command:

ptunnel -p 192.168.1.203 -lp 8000 -da 0.0.0.0 -dp 8118 -x catwoman

I then go to my network properties on my browser and change the proxy settings to point to localhost on port 8000.

And bingo. I get web access.

If you want to keep track of things you can also view the log that you set up on your server (remember, the -f tun.log).

That's about it. I'm also in the process of creating some DNS tunnels but I'll save that for another blog entry.